1. Field of the Invention
The present invention relates to an access rights authentication apparatus for authenticating user""s access rights.
2. Description of the Prior Art
The program execution control technology is known as a prior art belonging to the same field as the present invention. With the program execution control technology,
1) a user authentication routine is embedded in an application program,
2) the routine checks that a user attempting to execute the application possesses an authorized authentication key, and
3) the program continues to execute only when the existence of the authentication key is confirmed, and in other cases, program execution is stopped.
Use of this technology permits only authorized users possessing an authentication key to execute an application program. This technology is commercially available in the software distribution business and the following products are available, for example: SentinelSuperPro (trademark) by Rainbow Technologies, Inc. and HASP (trademark) by Aladdin Knowledge Systems Ltd.
Hereinafter, the program execution control technology will be described in more detail.
1) A user to execute software possesses an authentication key as user identification information. The authentication key, which is used for encryption, is delivered to users by a software license provider, for example, a software vendor. The authentication key is carefully stored in a memory or the like within hardware to prevent duplication and is delivered to a user by use of physical means such as mail.
2) The user installs the hardware incorporating the authentication key in a personal computer or workstation of his own in a specified way. The hardware is installed in a printer board, for example.
3) The user starts the application program, and when the program execution reaches the above described user authentication routine, the program communicates with the hardware incorporating the user""s authentication key. The program identifies the authentication key based on the result of the communication, and proceeds to the next step when the existence of the correct authentication key is confirmed. When the communication fails and the existence of the authentication key cannot be confirmed, the program stops itself and refrains from further execution.
The access rights authentication routine identifies an authentication key according to the following protocol, for example.
1) The access rights authentication routine generates a proper number and sends it to hardware incorporating a key.
2) The key incorporating hardware encrypts the sent number using the incorporated authentication key and sends it to the authentication routine.
3) The authentication routine determines whether or not the returned number is an expected number, namely, a number obtained by encrypting the number sent to the hardware with the correct authentication key.
4) When the returned number matches an expected number, the program continues to execute, and if not so, the program execution stops.
In this case, the communication between the application program and the authentication key incorporating hardware must be different for each execution even in the case of communication with the same hardware in the same location within the same application program. Otherwise, by once recording communication contents in normal execution processes and subsequently making responses to the application program conformably to the recording, users not possessing the correct authentication key could execute the program. Invalid execution of an application program by such reproduction of communication contents is called a replay attack.
To prevent a replay attack, usually, a random number generated newly for each communication is sent to key incorporating hardware.
Problems of the prior art result from the fact that, when creating an application program, the program author must assume in advance an authentication key possessed by a user before providing protection for the program, based on the authentication key.
In other words, the program author must predict a correct response from key incorporating hardware at program creation and create the program so that it is normally executed only when a correct response is received.
The prior art of the characteristics described above basically has two usage modes; in either case, they have a problem described below.
1) In a first method, different users"" authentication keys are provided for different users. Namely, a different authentication key is provided for each user; for example, an authentication key A is assigned to a user A and an authentication key B to a user B.
In this case, the program author must create the program so that authentication routines in the program are switched appropriately for each user. In other words, since authentication keys are different for different users, the authentication routines in the program must be created so that they can identify an authentication key unique to a user using the program, therefore the program author must create as many different programs as the number of users.
When there are many target users, a task of specializing a program for each user requires unendurable efforts of a program author and there are an enormous number of user authentication keys to be managed.
2) In a second method, the program author provides a different authentication key for each application. Namely, a different authentication key is provided for each application; for example, an authentication key A is assigned to an application A and an authentication key B to an application B, and the application programs are created so that they can identify unique authentication keys.
Although this method eliminates the need to create a program individually for each user as in the case of the first method, a user must possess as many authentication keys as the number of applications to be used.
This restriction poses a problem described below to program authors and users.
As described previously, an authentication key must be carefully stored in hardware for distribution to users. Accordingly, programs themselves can be simply distributed via a network, whereas the distribution of hardware incorporating an authentication key must look to physical means such as mail. This restriction places a great burden on program authors in terms of cost, time, and packaging efforts.
The program authors, to meet users"" requests, must stock a given number of pieces of hardware which are different for each application, requiring stock control costs.
The users have to put up with a troublesome task of replacing hardware each time an application to be used is changed.
When a user wants to use an application, inconveniently the user cannot use it until hardware incorporating an authentication key arrives.
A method used to reduce this burden is to in advance incorporate a plurality of authentication keys in hardware and tell a user a password for using an unused authentication key in the hardware each time permission is given to the user for the use of a new application. However, even though this method is used, it is apparent that the problem described previously is not solved in principle. Actually, for the purpose of commercial production, a system is designed so that plural pieces of hardware can be serially coupled to reduce inconveniences resulting from the above problem.
In this way, any of the two methods described above leaves a problem with convenience for program authors and users.
Taking the external characteristics of the execution control technology into account, it is conceivable that it is also applicable to mail privacy protection, control of access to files and computer resources, and control of access to other general digital contents. However, the prior art is inapplicable to these fields because of the above described problem.
The present invention has been made in consideration of the above described circumstances, and it is an object of the present invention to offer an access rights authentication apparatus which eliminates troubles occurring both in users and protectors such as application authors as the result of manipulation of unique information of a large number of authentication keys and the like, and allows user""s access rights to be easily authenticated during program execution control, protection of an access right for digital contents (still images, moving pictures, voice, etc.), mail privacy protection, and control of access to files and computer resources.
According to a first aspect of the present invention, to achieve the above described purpose, there is provided a access rights authentication apparatus authenticating user""s access rights by verifying the legitimacy of proof data generated to prove the access rights of the user, including: first memory means for storing authentication data; second memory means for storing user unique identifying information; third memory means for storing proof support information obtained by execution of a predetermined computation on the user unique identifying information and access rights authentication characteristic information; proof data generation means for generating proof data by performing predetermined computations on the authentication data held in the first memory means and the user unique identifying information held in the second memory means; and proof data verification means for verifying that the proof data is generated based on the user unique identifying information, including computation means for performing predetermined computations on the proof data generated by the proof data generation means and the proof support information held in the third memory means, so that the computation results of the computation means are used for verification.
In this configuration, by introducing proof support information (access tickets), access rights authentication characteristics information and user unique identifying information can be made independent of each other, and therefore both protectors and users have only to prepare one piece of unique information. Furthermore, since users need not receive an access ticket, for example, a verification method is available which distributes an application program to the users along with an access ticket so that a proof data verification module uses it during verification.
According to a second aspect of the present invention, there is provided a access rights authentication apparatus authenticating user""s access rights by verifying the legitimacy of proof data generated to prove the access rights of the user, including: first memory means for storing authentication data; second memory means for storing user unique identifying information; third memory means for storing proof support information obtained by execution of a predetermined computation on the user unique identifying information and access rights authentication characteristic information; proof data generation means for generating proof data by performing predetermined computations on the authentication data held in the first memory means and the proof support information held in the third memory means; proof data verification means for verifying that the proof data is generated based on the proof support information; and computation means for performing predetermined computations on the proof data generated by the proof data generation means and the user unique identifying information held in the second memory means, the computation results of the computation means being used for verification.
In this configuration as well, access rights authentication characteristics information and user unique identifying information can be made independent of each other, and therefore protectors and users have only to prepare one piece of unique information. Moreover, since computations on the user unique identifying information are performed in the proof data verification module, the users have only to perform computations on an access ticket. For example, when the verification module is configured to have tamper-proof characteristics by dedicated hardware and holds user unique identifying information, the users can be safely authenticated only by possessing the access ticket.
According to a third aspect of the present invention, to achieve the above described purpose, there is provided a access rights authentication apparatus authenticating user""s access rights, including: first memory means for storing authentication data; second memory means for storing user unique identifying information; third memory means for storing proof support information resulting from execution of a predetermined computation on the user unique identifying information and access rights authentication characteristic information; and verification means for verifying that a pair of the proof support information and the user unique identifying information corresponds correctly to the access rights authentication characteristic information from the authentication data, the user unique identifying information, and the proof support information.
In this configuration as well, access rights authentication characteristics information and user unique identifying information can be made independent of each other, and therefore protectors and users have only to prepare one piece of unique information. Moreover, since all computations are performed in the verification module, the users can be authenticated only by carrying about their unique information and an access ticket. For example, when an application program is configured on a dedicated device, the users incorporate their unique information and an access ticket into an IC card. With the dedicated device equipped with a slot for inserting an IC card, the users can be authenticated by inserting an IC card into the slot.